Shared posts

07 Sep 14:23

The Perfect User

by Cherie Lacey; Catherine Caudwell; Alex Beattie
Maxim Bange

Thank you for sharing!

On June 9, former Google designer turned tech critic Tristan Harris tweeted: “We need a new field of ‘Society & Technology Interaction’ (or STX).” This “new field,” he wrote, would research ways to realign technology so that it worked in the best interests of humanity. But as some academics and social scientists were swift to point out, it is not as if such critical approaches don’t already exist. They responded to Harris’s tweet by noting his apparent ignorance of entire swathes of academic research, including science and technology studies (STS), internet and platform studies, and other various subfields within the social sciences and humanities that have been critiquing design and technological practices for decades. Some replies accused Harris of “Columbizing,” claiming to discover a territory that already exists.

More than merely an amusing Twitter roasting, however, this episode marks a key moment in the emerging discourse of “tech humanism,” which, as Ben Tarnoff and Moira Weigel explain in this essay for the Guardian, is the belief that technology “damages our psychological well-being and conditions us to behave in ways that diminish our humanity.” In other words, technology in their view now compromises the quintessentially human capacity for individual decision making.

Harris’s tweet was part of a wider discussion among advocates for “humane technology” such as Aza Raskin and Aviv Ovadya, who argue that user-experience (UX) design — the practice of tailoring a product to users’ anticipated behavioral responses, with the aim of making it easy or compelling to use — has led to a general “downgrade” of humanity, evidenced by digital addiction, increased superficiality, and an overall decline of mental health and political and media discourse. A critical approach to UX, they say, would help shed light on its negative effects. Harris’s Center for Humane Technology seems to have been launched with that aim in mind. But as Maya Ganesh, Lilly Irani and Rumman Chowdhury, and others have noted, the idea of humane technology is at best a technical critique of UX design practices and culture that repositions Silicon Valley entrepreneurs, designers, and programmers as the ideal reformers of humanity.

The tech-humanist movement raises important questions about how UX design configures human beings as “users” according to the culture and ideology of the tech sector. This echoes the work of STS scholars like Benjamin Bratton, Tung-Hui Hu, Orit Halpern, and Wendy Chun, who have made similar points. But tech humanism appears to take for granted the fundamental unit that motivates its critique: the “human” subject. For Harris and company, the human subject appears to be a transparent, knowable, monadic unit of being, more or less consistent with the humanist subject of the Enlightenment. They treat what a “human” is and does as self-evident, overlooking the ways that the category of the human has been used to dehumanize certain people and groups who fall outside their limited definition (i.e. women, people of color, non-able bodies, etc.). The “human” is not a self-evident category at all but rather a political and ideological tool that has long been used to maintain existing hierarchies, excluding some people to the benefit of others.

The arch response Harris received to his STX tweet might be read as part of ongoing debates, in STS and elsewhere, regarding who gets to define the “human,” as well as who gets to be considered most fully human in our current techno-social predicament. Our concern is that tech humanism not only underestimates what it takes to comprehend the category of “the human” but that its attempts to reform “humanity” may reinstate humanism’s old hierarchies of power and control.


Traditional humanism defined the “human” as a rational, sovereign agent. In Rosi Braidotti’s estimation, this means “the classical ideal of ‘Man,’ formulated first by Protagoras as ‘the measure of all things,’ later renewed in the Italian Renaissance as a universal model and represented in Leonardo da Vinci’s Vitruvian Man.” Cary Wolfe has explained this idea of the “human” as “the Cartesian subject of the cogito, the Kantian ‘community of reasonable beings,’ or, in more sociological terms, the subject as citizen, rights-holder, property-owner, and so on.” This Enlightenment notion of the human continues to enjoy widespread consensus, carrying with it a reassuring familiarity and appearing as common sense. An attachment to this notion of the human is often asserted as if it were a matter of fact, a given — so much so that, as Braidotti points out, we construct a fundamental notion of rights around it.

Though this definition of “human” is often taken as natural and self-evident, it has also been subject to critique. The anti-humanist movements of postwar Europe (associated with figures such as Michel Foucault, Jacques Derrida, Gilles Deleuze, and Jacques Lacan) and the more recent posthuman movement (associated with Rosi Braidotti, Cary Wolfe, Francesca Ferrando, among others) have systematically critiqued this humanist figure for its partiality. As Braidotti summarizes:

Universal “Man,” in fact, is implicitly assumed to be masculine, white, urbanized, speaking a standard language, heterosexually inscribed in a reproductive unit and a full citizen of a recognized polity. How nonrepresentative can you get?

The concept is also critiqued for putting forward the notion of man as the hegemonic and rightfully dominant species.

Tech humanism, in foregrounding the need to preserve “the human,” is in danger of reviving the old humanist approach, only its definition of Universal Man is framed around the ideal user implicit in the protocols of UX design. Humanism’s “unshakable certainty [in] the almost boundless capacity of humans to pursue their individual and collective perfectibility” (as Rosi Braidotti puts it in The Posthuman) is finding new form in the Perfect User: a thoroughly designed, homogenous subject position that one may momentarily step into by engaging in digital healthism and digital well-being practices. Its proximate roots are in Californian wellness culture (described here by Daniela Blei), which attempts to align intentional technology use with self-mastery. Today’s aspirational subject can engage in activities such as intentional eating, intentional house design, and intentional human speaking. And, of course, intentional phone use.

Drawing from wellness culture, tech humanism adopts as one of its central tenets the perfectibility of the subject, pursuable through such activities as mindfulness, digital minimalism, productivity, self-discipline, and intentionality. Inherent in the movement is the elitist assumption that everyone has the time and means to be unconnected. For the Perfect User, retreating from the digital world means attending custom-designed events and festivals, like the Go Brick Phone-Free Getaway and, of course, Burning Man, where being screen-free will have only positive consequences. It is no coincidence that websites promoting disconnection tools and events often feature striking images of untouched mountains, because the Perfect User has the ability to travel in pursuit of self-improvement.

There is also a fundamental assumption that users have, or should have, a dominant, guiding and aspirational intention in ideological alignment with the Center for Humane Technology’s Humane Design Guide. Central to the center’s ideology is the humanist belief that individuals should act in concert with their own intentions. Accordingly, UX design practices can and should enhance the human condition by aligning design to human intention. As part of this determinist approach, the CHT website (under a header of Take Control) offers tips on, for example, how to temper one’s phone habit, with links to recommended mindfulness or time-management apps like Calm and Moment. These tips reinforce an approach to technology founded in what Adam Fish calls “digital healthism,” which positions the individual as responsible for their digital consumption.

But for tech humanism, the same potent persuasive technology design that is pitched here as the solution was also the source of the problem, fomenting unintentional or unconscious phone use through its irresistible snares. The movement’s ostensible mission is to maintain and protect individual sovereignty and restore intentionality, yet it relies on the same sort of assumption about the conditioning powers of UX design to achieve it.

Exactly how does UX design configure the Perfect User? And whose interests does this user serve? Among the apps meant to rescue users from distraction is Siempo, which tries to restore intentionality by redrawing the phone interface and reorganizing the app inventory to make “distracting” features less accessible. During its onboarding process, the app asks, “What’s your intention?” which it then reminds users of every time they unlock their phone or swipe to additional screens. Constantly reminding the user of their intention nudges the user to self-manage their digital consumption and aspire to healthier, more productive, or otherwise self-optimal modes of living. With Siempo installed, the phone becomes akin to Foucault’s “body-tool,” demanding of the user continuous, intentional behavior. The phone as body-tool prompts the user to engage in self-surveillance and self-discipline, subjugating themselves to the modes of use that have been designed into the app.

Another tool, the Intent Launcher of the Add Intent suite, further reveals the kinds of activities the Perfect User is encouraged to strive for. Although the app’s purpose is presented relatively neutrally as “developing tools that put you back in control,” the overall design promotes a specific lifestyle ideology. Its design is text-only, to counteract “flashy icons trying to get your attention.” It suggests that users organize their phone apps into “Essentials” (it lists Amazon Kindle, Camera, Inbox, Messages, Phone, Slack, and Spotify) and “Distractions” (Facebook, Twitter, Instagram, and YouTube). These lists seem to discourage apps where the user engages more directly with others and with the outside world, and encourage as potentially “enriching” activities like reading and listening to music.

Regardless of how worthy their causes may be, both these apps require the user to enter into a thoroughly designed user-position — the Perfect User — to even be recognized as a subject by the socio-technical apparatus. One cannot function as a user without conforming to the modes of use that have been designed into the system. Put differently, apps like Siempo and Add Intent are actively involved in producing the kind of subject with which they claim to interact. The user of these systems remains a docile subject to be brought under control and disciplined, but the fantasy-structure of intentionality masks the ideological functioning of the apps, not to mention the broader structures of wellness capitalism itself, by encouraging an aspirational form of digital consumption. Tech humanism more or less insists that one be a user to be recognized as human. This move keeps us tethered to classic humanist structures of categorization, whereby some users are considered better than others.

The Perfect User may appear to be a self-evidently superior form of subjectivity well-suited to the pressures of our techno-social age, but that should not blind us to the relational politics and ideological entanglements that lie behind it. Though it seems rooted in wellness and empowerment, it implicitly retains the hierarchies and exclusions of Enlightenment humanism by assuming the nature of the “human” subject it requires.

Although the humane tech movement’s attempts to reconfigure a “better” user-subject may be well-intentioned, we also need to acknowledge the political and ideological assumptions underpinning it. This may help to avoid a situation in which a relatively small group of Silicon Valley tech entrepreneurs, developers, and designers are reforming humanity according to a privileged set of values and ideals.

26 Aug 23:28

Henry David Thoreau

"Success usually comes to those who are too busy to be looking for it."

14 Aug 10:59

Exploiting GDPR to Get Private Information

by Bruce Schneier

A researcher abused the GDPR to get information on his fiancee:

It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.

"Generally if it was an extremely large company -- especially tech ones -- they tended to do really well," he told the BBC.

"Small companies tended to ignore me.

"But the kind of mid-sized businesses that knew about GDPR, but maybe didn't have much of a specialised process [to handle requests], failed."

He declined to identify the organisations that had mishandled the requests, but said they had included:

  • a UK hotel chain that shared a complete record of his partner's overnight stays

  • two UK rail companies that provided records of all the journeys she had taken with them over several years

  • a US-based educational company that handed over her high school grades, mother's maiden name and the results of a criminal background check survey.

24 Jun 11:21

Bill Gates says his ‘greatest mistake ever’ was Microsoft losing to Android

by Tom Warren

Microsoft co-founder Bill Gates has been reflecting on his time at the company when crucial decisions were made over its mobile operating system. During a recent interview at Village Global, a venture capital firm, Gates revealed his “greatest mistake ever” was Microsoft missing the Android opportunity:

“In the software world, particularly for platforms, these are winner-take-all markets. So the greatest mistake ever is whatever mismanagement I engaged in that caused Microsoft not to be what Android is. That is, Android is the standard non-Apple phone platform. That was a natural thing for Microsoft to win. It really is winner take all. If you’re there with half as many apps or 90 percent as many apps, you’re on your way to complete...

09 Jun 18:35

W. C. Fields

"Reminds me of my safari in Africa. Somebody forgot the corkscrew and for several days we had to live on nothing but food and water."

27 May 10:48

Donald H. Rumsfeld

"If you are not criticized, you may not be doing much."

23 May 11:07

Marie Curie

"I am among those who think that science has great beauty. A scientist in his laboratory is not only a technician: he is also a child placed before natural phenomena which impress him like a fairy tale."

13 Apr 11:02

Maliciously Tampering with Medical Imagery

by Bruce Schneier

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists.

I don't think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all kinds is undetectably manipulatable, they're going to have to start.

Research paper. Slashdot thread.

03 Apr 10:42

Hacking Instagram to Get Free Meals in Exchange for Positive Reviews

by Bruce Schneier

This is a fascinating hack:

In today's digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following -- or in my desired case -- use it to have my meals paid for. So I did just that.

I created an Instagram page that showcased pictures of New York City's skylines, iconic spots, elegant skyscrapers -- you name it. The page has amassed a following of over 25,000 users in the NYC area and it's still rapidly growing.

I reach out to restaurants in the area either via Instagram's direct messaging or email and offer to post a positive review in return for a free entree or at least a discount. Almost every restaurant I've messaged came back at me with a compensated meal or a gift card. Most places have an allocated marketing budget for these types of things so they were happy to offer me a free dining experience in exchange for a promotion. I've ended up giving some of these meals away to my friends and family because at times I had too many queued up to use myself.

The beauty of this all is that I automated the whole thing. And I mean 100% of it. I wrote code that finds these pictures or videos, makes a caption, adds hashtags, credits where the picture or video comes from, weeds out bad or spammy posts, posts them, follows and unfollows users, likes pictures, monitors my inbox, and most importantly -- both direct messages and emails restaurants about a potential promotion. Since its inception, I haven't even really logged into the account. I spend zero time on it. It's essentially a robot that operates like a human, but the average viewer can't tell the difference. And as the programmer, I get to sit back and admire its (and my) work.

So much going on in this project.

15 Mar 13:39

Solomon Short

"I'm all in favor of keeping dangerous weapons out of the hands of fools. Let's start with typewriters."

01 Mar 21:25

As More Universities ‘Ditch’ Elsevier, Sci-Hub Blossoms

by Ernesto

Little more than three years ago, Elsevier, one of the world’s largest academic publishers, took Sci-Hub to court.

It was a mismatched battle from the start. With a net income of more than $2.4 billion per year, the publisher could fund a proper case, while its nemesis relied on donations.

Elsevier won the case, including millions of dollars in damages. However, the site remained online and grew bigger. Ironically, the academic publisher itself appears to be one of the main drivers of this growth.

In recent years there has been a major push in academic circles to move to Open Access publishing. Instead of locking academic publications behind paywalls, they should be freely available to researchers around the world as well as the public at large, the argument goes.

There has been some progress on this front, but it’s been slow. Meanwhile, Elsevier and other publishers continue to sell expensive subscriptions to universities. So expensive, that many institutions can’t afford them.

This means that their researchers run into paywalls, so they can’t do their work properly. It’s an absurd situation for the academic world, which is built on the premise that researchers build upon the work of others.

In an attempt to force a breakthrough, the University of California (UC), which includes ten campuses, requested that all its research be made available to the public from Elsevier without cost. This was possible, but only if UC’s authors paid extra publishing fees.

This was not an option for UC, which already had to pay a multi-million dollar subscription, so it cut its ties with Elsevier. The university notes that it doesn’t want to pay the rapidly escalating costs when its own work isn’t freely available.

This isn’t a problem that’s limited to UC; many other institutions can’t or are not willing to pay millions in subscription fees. This has reached a point where it’s pretty much impossible, even for wealthy universities, to access all academic knowledge.

“Make no mistake: The prices of scientific journals now are so high that not a single university in the U.S. — not the University of California, not Harvard, no institution — can afford to subscribe to them all,” says Jeffrey MacKie-Mason, university librarian and economics professor at UC Berkeley.

“Publishing our scholarship behind a paywall deprives people of the access to and benefits of publicly funded research. That is terrible for society,” MacKie-Mason adds.

This issue is not new and Elsevier is not the only publisher to demand high subscription fees. As the largest academic publisher, however, the effects of canceled subscriptions are felt most at Elsevier.

Several universities from Germany, Hungary, and Sweden previously let their Elsevier subscriptions expire, which means that tens of thousands of researchers don’t have access to research that is critical to their work.

This is where Sci-Hub comes into play.

The “Pirate Bay of Science” might just quietly play a major role in this conflict. Would the universities cancel their subscriptions so easily if their researchers couldn’t use Sci-Hub to get free copies?

Without access to critical research, their employees can’t function properly, so this ‘pirate’ backup comes in handy for sure.

Sci-Hub founder Alexandra Elbakyan has always been forthcoming about her goals. Sci-Hub wants to remove all barriers in the way of science. She also made that crystal clear when we interviewed her back in 2015.

“Everyone should have access to knowledge regardless of their income or affiliation. And that’s absolutely legal. Also, the idea that knowledge can be a private property of some commercial company sounds absolutely weird to me,” she said at the time.

While Sci-Hub may not be a permanent solution, its existence definitely plays a major role as a bargaining chip in a changing academic publishing world. While it’s early days, Sci-Hub certainly helped to make the paywalls crumble.

A quick look at some traffic stats shows that the site’s visitors continue to grow at a rapid rate, and with UC’s most recent decision to cancel its Elsevier subscription, this trend is likely to continue.

Source: TF

01 Mar 15:44

These websites violate your privacy without asking

Maxim Bange

Name and shame

Hundreds of websites violate your privacy without asking, the NOS reported earlier today. But which sites exactly are guilty of this? We list them below.

Because the list would otherwise be too long, we show only websites that, at the time of the investigation, placed two or more tracking cookies, small files that follow your behaviour on the internet.

The investigation dates from mid-February; websites may have taken measures since then, or the situation may have changed for other reasons.

The websites that placed tracking cookies without asking also include two political parties, namely PvdA and Forum voor Democratie. The PvdA has since taken action; according to the party it was a mistake and the tracking cookie was not actually used. Forum voor Democratie could not be reached for comment.

Health insurer CZ confirms that it placed tracking cookies, but says this happened without the company's knowledge.

One of the websites that placed the most tracking cookies is that of RTV Rijnmond. That was a mistake, which has since been corrected, the broadcaster says. An analysis of the tracking cookies that were placed shows that the cookies come from countries ranging from the United States to China. Visitors to Linda and Lindanieuws are also exposed to cookies from various countries: from Malaysia and Japan to Poland and Russia.

Some of the websites, such as Nu.nl and Startpagina, operate in a grey area and place tracking cookies if you ignore the cookie notice. The idea: if you keep using the website, you apparently consent. But lawyers have reservations about that. Ultimately, a court will have to rule on whether this practice is acceptable.

19 Feb 14:27

Linux Mint 19.1: A sneaky popular distro skips upheaval, offers small upgrades

by Ars Staff

Cinnamon 4.0's new look in Linux Mint 19.1 (credit: Scott Gilbertson)

While Ubuntu and Red Hat grabbed most of the Linux headlines last year, Linux Mint, once the darling of the tech press, had a relatively quiet year. Perhaps that's understandable with IBM buying Red Hat and Canonical moving back to the GNOME desktop. For the most part Linux Mint and its developers seemed to keep their heads down, working away while others enjoyed the limelight. Still, the Linux Mint team did churn out version 19, which brought the distro up to the Ubuntu 18.04 base.

While the new release may not have garnered mass attention, and probably isn't anyone's top pick for "the cloud," Linux Mint nevertheless remains the distro I see most frequently in the real world. When I watch a Linux tutorial or screen cast on YouTube, odds are I'll see the Linux Mint logo in the toolbar. When I see someone using Linux at the coffee shop, it usually turns out to be Linux Mint. When I ask fellow Linux users which distro they use, the main answers are Ubuntu... and Linux Mint. All of that is anecdotal, but it still points to a simple truth. For a distro that has seen little press lately, Linux Mint manages to remain popular with users.

There's a good reason for that popularity: Linux Mint just works. It isn't "changing the desktop computer paradigm," or "innovating" in "groundbreaking" ways. The team behind Mint is just building a desktop operating system that looks and functions a lot like every other desktop operating system you've used, which is to say you'll be immediately comfortable and stop thinking about your desktop and start using it to do actual work.

21 Dec 16:25

Drone Denial-of-Service Attack against Gatwick Airport

by Bruce Schneier

Someone is flying a drone over Gatwick Airport in order to disrupt service:

Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

He told BBC News: "There are 110,000 passengers due to fly today, and the vast majority of those will see cancellations and disruption. We have had within the last hour another drone sighting so at this stage we are not open and I cannot tell you what time we will open.

"It was on the airport, seen by the police and corroborated. So having seen that drone that close to the runway it was unsafe to reopen."

The economics of this kind of thing isn't in our favor. A drone is cheap. Closing an airport for a day is very expensive.

I don't think we're going to solve this by jammers, or GPS-enabled drones that won't fly over restricted areas. I've seen some technologies that will safely disable drones in flight, but I'm not optimistic about those in the near term. The best defense is probably punitive penalties for anyone doing something like this -- enough to discourage others.

There are a lot of similar security situations, in which the cost to attack is vastly cheaper than 1) the damage caused by the attack, and 2) the cost to defend. I have long believed that this sort of thing represents an existential threat to our society.

EDITED TO ADD (12/23): The airport has deployed some anti-drone technology and reopened.

19 Nov 20:57

What Happened to Cyber 9/11?

by Bruce Schneier

A recent article in the Atlantic asks why we haven't seen a "cyber 9/11" in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a "cyber Pearl Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then.) The author's answer:

Three main barriers are likely preventing this. For one, cyberattacks can lack the kind of drama and immediate physical carnage that terrorists seek. Identifying the specific perpetrator of a cyberattack can also be difficult, meaning terrorists might have trouble reaping the propaganda benefits of clear attribution. Finally, and most simply, it's possible that they just can't pull it off.

Commenting on the article, Rob Graham adds:

I think there are lots of warnings from so-called "experts" who aren't qualified to make such warnings, that the press errs on the side of giving such warnings credibility instead of challenging them.

I think mostly the reason why cyberterrorism doesn't happen is that which motivates violent people is different than that which motivates technical people, pulling apart the groups who would want to commit cyberterrorism from those who can.

These are all good reasons, but I think both authors missed the most important one: there simply aren't a lot of terrorists out there. Let's ask the question more generally: why hasn't there been another 9/11 since 2001? I also remember dire predictions that large-scale terrorism was the new normal, and that we would see 9/11-scale attacks regularly. But since then, nothing. We could credit the fantastic counterterrorism work of the US and other countries, but a more reasonable explanation is that there are very few terrorists and even fewer organized ones. Our fear of terrorism is far greater than the actual risk.

This isn't to say that cyberterrorism can never happen. Of course it will, sooner or later. But I don't foresee it becoming a preferred terrorism method anytime soon. Graham again:

In the end, if your goal is to cause major power blackouts, your best bet is to bomb power lines and distribution centers, rather than hack them.

10 Nov 14:14

Trump isn’t Orwell’s nightmare. He’s the kind of politician Orwell thought would save us.

by Lane Greene

Since Donald Trump’s rise in 2015, calling his presidency Orwellian has been a kind of shibboleth among critics. After Trump’s first week in January 2017, Adam Gopnik wrote in the New Yorker, “re-reading Orwell, one is reminded of what Orwell got right about this kind of brute authoritarianism.” That same month, when Trump adviser Kellyanne Conway defended the administration’s “alternative facts,” Washington Post media columnist Margaret Sullivan wrote that “we’ve gone full Orwell.” Shortly afterward, sales of 1984 surged.

But in one important respect, these commentators are missing something important. When it comes to language, Trump isn’t the kind of person Orwell was worried about. In fact the plain-speaking president represents something closer to Orwell’s imagined solution to a problem that consumed him, the use of public language to hide meaning. If you look at how Trump talks — and the similar rhetoric in Britain around Brexit, and the broader populist wind across Europe — it is proof that Orwell got some big things wrong when it comes to language’s ability to protect us from politicians who would rather have us not know the truth.

If Orwell as a political thinker is known for one thing besides “Big Brother,” it’s his celebrated 1946 essay “Politics and the English Language,” in which he complained of leaders using language not to communicate, but to hide their intentions. “A mass of Latin words falls upon the facts like soft snow,” he wrote, “blurring the outline and covering up all the details…. When there is a gap between one’s real and one’s declared aims, one turns as it were instinctively to long words and exhausted idioms, like a cuttlefish spurting out ink.”

Orwell was confident that simple language itself would be a defense against much of what was wrong with politics. Clarity would make it near impossible for leaders to say stupid and dishonest things, or to fall into lock-step dogma, without realizing that they were doing so — and without exposing the speaker as a fraud or a villain. As he wrote in “Politics and the English Language”: “If you simplify your English, you are freed from the worst follies of orthodoxy. You cannot speak any of the necessary dialects, and when you make a stupid remark its stupidity will be obvious, even to yourself.” His famous six rules for writers, which close the essay, are instructions on how to strip one’s words of such clutter.

Orwell had witnessed the rise of the two great murderous -isms in Europe, fascism and communism. Both turned their violence on their own people with a ferocity that could not be put in plain language. As Orwell put it, a defender of Stalin’s purges can’t just come out and say “I believe in killing off your opponents when you can get good results by doing so.” The same might be said for Hitler’s verschärfte Vernehmung and Endlösung, “sharpened interrogation” and “final solution,” which in plain language are torture and mass murder.

Since Orwell, it has become a common complaint among pundits and commentators that overblown or confusing language stacks the deck against ordinary citizens who just want to know what their government is up to. His notion that plain language will make awful politics unbearable is simple and appealing — and largely wrong. Remember that for people to recognize a falsehood, they need to know the truth. Orwell assumes that once deception is stripped away, the truth will be plain. But populism, or at least the brand of populism represented by Trump and Brexit, proves that Orwell was wrong.

The year 2016 rocked Western politics. First, in June, Britain voted for Brexit: to leave the European Union, against the advice of the overwhelming majority of politicians, economists, academics, business leaders and elite journalists. Then, in November, America rejected a former secretary of state and senator, Hillary Clinton, for a political novice and a billionaire with a habit of saying appalling things, Donald Trump. In both cases, the experts misread the sentiment of a part of their country far away from the big cities where journalists tend to live and work.

And in both cases, those angry voters, ready to vote for change of almost any kind, were seduced not by “cuttlefish squirting out ink,” but by politicians making it perfectly clear what they wanted and how they planned to get it. Without making a statement on whether these voting choices were right or wrong, both Brexit and Trump ran campaigns filled with lies — lies in simple, bold language. When they lied, the lies were often perfectly clear to anyone who cared to learn the least bit about the facts. But either the lies were not recognized as such, or voters didn’t care.

First take Brexit. Its master slogan was simple: “Let’s take back control.” Brussels, the metonym for the European Union, was an undemocratic weight on Britain’s ancient freedoms, its democracy and the “Mother of All Parliaments,” the legislature at Westminster. Brexit’s proponents toured the country in a bus that featured the slogan “We send the EU £350m a week. Let’s fund the NHS [UK National Health Service] instead. Vote Leave.” The £350m figure was fake; it was a net number that didn’t take into account the money Britain got back from the EU. And no one on the Leave side had any serious interest in putting any big extra sums — much less £350m a week — into the health service. But when supporters of staying in the EU pointed this out, they were dismissed as “elites” with no standing to talk about what the real British people — sick of elites — wanted. There was absolutely nothing wrong with the language on the side of the bus, which obeys all of Orwell’s rules. The problem was voters’ grasp of the facts, or their disregard for them.

The polite faces of the Leave campaign were Boris Johnson, who had just been the Conservative mayor of London, and Michael Gove, the former justice and education secretary. But its real powerhouse was Nigel Farage, the leader of the United Kingdom Independence Party.

Mainstream politicians dismissed Farage as a buffoon — it is hard to find a politician more often photographed with a pint of beer and a cigarette in his hands. But that was part of his appeal. And so was his language — as different from that of a polished politician as they come.

In a typical speech, he said:

So who are we? Who is the typical UKIP voter? I’ll tell you something about the typical UKIP voter — the typical UKIP voter doesn’t exist. When I look at the audiences in those theaters there is a range of British society from all parts of the spectrum. Workers, employers, self-employed. Big businessmen, corner shop owners. Well off, comfortably off, struggling. Young as well as old. Not ideologues. Some left, some right, mostly in the middle. Some activists, some haven’t voted for twenty years. One thing many have in common: they are fed up to the back teeth with the cardboard cut-out careerists in Westminster. The spot-the-difference politicians. Desperate to fight the middle ground, but can’t even find it. Focus groupies. The triangulators. The dog whistlers. The politicians who daren’t say what they really mean. And that’s why UKIP attracts this eclectic support. Because when we believe something — we don’t go “are you thinking what we’re thinking?” We say it out loud.

There are a few clichés in there (“fed up to the back teeth,” “cardboard cut-out”). But by and large, this too is a text that follows Orwell’s rules. It even reads a bit like Orwell: Its sentences are short, as are all of the words; about the fanciest words are “spectrum,” “eclectic” and “ideologue.” And he ends with a macho declaration about political language itself, in the plainest possible English: “we say it out loud.”

What he wanted was perfectly clear, too. In the Brexit of his dreams, as Farage said in the same speech:

We get our money back.
We get our borders back.
We get our Parliament back.
We get our fisheries back.
We get our own seat on the bodies that actually run the world.
We get back the ability to strike free-trade deals.

“Elites” could cavil at the facts implied here. But the pounding, repetitive phrasing was perfectly clear and punishingly effective. Whatever the causes of the narrow victory for Brexit, obfuscating language was not it.

That same summer, Donald Trump was shifting into general-election mode in the United States, having wrapped up the Republican nomination for president. He had swept away more than a dozen Republican rivals who had tried to belittle him as a newcomer out of his depth. Something about his campaign generated an energy among his voters that none of his rivals could match. And much of it had to do with his speech. He loved to rib Jeb Bush, a former governor of Florida who had raised huge sums for his campaign, as “low energy.” And he was; Bush seemed an owlish, slightly tired professor next to the shouting, staccato Trump.

Trump’s style was successful precisely for being anything but that of a seasoned politician giving an elegant speech. He spoke almost entirely off the cuff:

Look, having nuclear — my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart. You know, if you’re a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I’m one of the smartest people anywhere in the world. It’s true! But when you’re a conservative Republican they try — oh, do they do a number — that’s why I always start off: Went to Wharton, was a good student, went there, went there, did this, built a fortune. You know I have to give my like credentials all the time, because we’re a little disadvantaged. But you look at the nuclear deal, the thing that really bothers me — it would have been so easy, and it’s not as important as these lives are. Nuclear is powerful; my uncle explained that to me many, many years ago, the power, and that was 35 years ago. He would explain the power of what’s going to happen and he was right — who would have thought? But when you look at what’s going on with the four prisoners — now it used to be three, now it’s four — but when it was three and even now, I would have said it’s all in the messenger, fellas. And it is fellas because, you know, they don’t, they haven’t figured that the women are smarter right now than the men, so, you know, it’s gonna take them about another 150 years. But the Persians are great negotiators. The Iranians are great negotiators. So, and they, they just killed, they just killed us.

Unedited transcripts like this rocketed around the internet, forwarded by voters alarmed that anyone could consider voting for a man who produced such a stream of non-sequiturs, the rhetorical equivalent of a bunch of beer cans, potato-chip bags and the odd shiny pool of oil floating down a filthy river. But the effect of passing these excerpts around was not what the people sharing them hoped. The chief result was to blind Trump’s opponents to how effective he was.

Real speech is full of starts and stops, non-sequiturs, ellipses and so on. For example, examine this linguistic 12-car pile-up.

We need to have a much more intentional explicit plan for NATO to engage with African countries and regional organizations, uh, not because the United States is not prepared to invest in security efforts in Africa, but rather to ensure that, uh, we are not perceived as trying to uh, dominate the continent. Rather we wanna make sure that we’re prep-, uh, seen as, uh, a reliable partner, and there are some advantages to some European countries with historical ties, uh, being engaged, uh, in uh, and uh, in ha-, in, taking advantage of relationships. The francophile countries obviously is gonna to be able to do certain things better than we can, uh, and, uh, you know, one of, one of the, uh, things we, we wanna make sure of, though is that, uh, when, when the average African thinks about US, uh, engagement in Africa, I don’t want them to think our only interest is avoiding terrorists from spilling out into, uh, the world stage.

It’s an embarrassing mess: “francophile” substituted for “francophone,” subjects and verbs not matching up, sentences not ending properly, and one “uh” after the other. The speaker is Barack Obama. He was talking to the editor and the foreign editor of The Economist on Air Force One in 2014.

For those passing around similar, unedited transcripts of Trump, the joke was on them. While he could maunder on and get off topic quite frequently, the unscripted and personal way he said nearly everything he said was mesmerizing to many voters who had never heard a politician talk like this.

And these populists were not only successful with their style; they were clear about content, in blunt language meant to shock the audiences into thinking “I’ve never heard anyone say these things.” Farage was explicit, saying that UKIP would not be cowed by taboo: “We say it out loud.”

Trump did the same, hardly hiding his plans. “We are going to build a wall and Mexico is going to pay for it.” “I would immediately start renegotiating our trade deals with Mexico, China, Japan and all of these countries that are just absolutely destroying us.” “I will get rid of gun-free zones on schools and … on military bases.” “We’re going to get Apple to start building their damn computers and things in this country instead of in other countries.”

Say what you like, but Orwell’s heavy snowfall of obscuring language is nowhere to be seen.

Since Orwell’s death, the nature of political speech has changed. In the 1940s, politicians still strove for an elevated register when they spoke in public. Beginning in the 1960s, they began aiming to look more authentic, of the people. On the Democratic side, young voters rejected their elders and tradition, while on the Republican side, Nixon turned the “silent majority” against intellectuals and the cultural elite. In both cases, the result was politicians aiming for a style that was immediate and real rather than polished and perfect. They didn’t go all the way — whether Obama or Bush, most aimed to keep some kind of dignity in their words. But demotic was in, and Demosthenes was out. By Trump, this trend had reached a peak: It was all emotion and plain words, with no hint of aiming for dignity or what used to be called “rhetoric” in the good sense.

Yet despite what Orwell might have hoped, this plain speech did nothing to stop Trump. It may indeed have been his biggest weapon. If he lied, voters either didn’t know, or they gave him a pass. And if he promised something unconscionable, like torturing terrorism suspects — “I’d bring back a hell of a lot worse than waterboarding” — many people either gave him a pass on that, too, or they actively thought it was a great idea. When people want bad things, the man who promises them those things in the plainest possible language is going to win. And beyond those who want bad things, many voters really are ill-informed. So it goes in a big and diverse society in which most people’s job is not politics.

As Trump and Brexit show, the weight of fixing a broken politics can’t fall on language alone. People need facts and arguments to make their case, not just plain talk. A democracy cannot be better than its voters. There is no easy way — linguistic or otherwise — around the hard slog of educating them to make good decisions.

Excerpted from Talk on the Wild Side: Why Language Can’t Be Tamed by Lane Greene. Copyright © 2018 by the Economist Newspaper Ltd and text copyright © 2018 by Lane Greene. Available from PublicAffairs, an imprint of Hachette Book Group, Inc.



02 Nov 12:31

How to Punish Cybercriminals

by Bruce Schneier

Interesting policy paper by Third Way: "To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors":

In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that:

  • There is a burgeoning cybercrime wave: A rising and often unseen crime wave is mushrooming in America. There are approximately 300,000 reported malicious cyber incidents per year, including up to 194,000 that could credibly be called individual or system-wide breaches or attempted breaches. This is likely a vast undercount since many victims don't report break-ins to begin with. Attacks cost the US economy anywhere from $57 billion to $109 billion annually and these costs are increasing.

  • There is a stunning cyber enforcement gap: Our analysis of publicly available data shows that cybercriminals can operate with near impunity compared to their real-world counterparts. We estimate that cyber enforcement efforts are so scattered that less than 1% of malicious cyber incidents see an enforcement action taken against the attackers.

  • There is no comprehensive US cyber enforcement strategy aimed at the human attacker: Despite the recent release of a National Cyber Strategy, the United States still lacks a comprehensive strategic approach to how it identifies, pursues, and punishes malicious human cyberattackers and the organizations and countries often behind them. We believe that the United States is as far from this human attacker strategy as the nation was toward a strategic approach to countering terrorism in the weeks and months before 9/11.

In order to close the cyber enforcement gap, we argue for a comprehensive enforcement strategy that makes a fundamental rebalance in US cybersecurity policies: from a heavy focus on building better cyber defenses against intrusion to also waging a more robust effort at going after human attackers. We call for ten US policy actions that could form the contours of a comprehensive enforcement strategy to better identify, pursue and bring to justice malicious cyber actors that include building up law enforcement, enhancing diplomatic efforts, and developing a measurable strategic plan to do so.

16 Oct 12:09

Privacy for Tigers

by Bruce Schneier

Ross Anderson has some new work:

As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos -- and even for tortoises and sharks. Animal data protection laws, where they exist at all, are oblivious to these new threats, and no-one seems to have started to think seriously about information security.

Video here.

17 Aug 17:28

New Ways to Track Internet Browsing

by Bruce Schneier

Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies":

Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.

In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.

The researchers discovered many new tracking techniques that work despite all existing anonymous browsing tools. These have not yet been seen in the wild, but that will change soon.

Three news articles. BoingBoing post.

13 Aug 14:15

IAEA Unveils Unique World Uranium Map

The IAEA has launched a comprehensive, online interactive and integrated digital map of the world’s uranium distribution and deposits. This second edition of World Distribution of Uranium Deposits was developed with contributions from the Saskatchewan Geological Survey, the Geological Survey of South Australia and the United States Geological Survey.

23 Jul 10:09

WPA3

by Bruce Schneier

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard.

This summary is as good as any other:

The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and guesses passwords over and over again until they find a match. With WPA3, attackers are only supposed to be able to make a single guess against that offline data before it becomes useless; they'll instead have to interact with the live Wi-Fi device every time they want to make a guess. (And that's harder since they need to be physically present, and devices can be set up to protect against repeat guesses.)

WPA3's other major addition, as highlighted by the Alliance, is forward secrecy. This is a privacy feature that prevents older data from being compromised by a later attack. So if an attacker captures an encrypted Wi-Fi transmission, then cracks the password, they still won't be able to read the older data -- they'd only be able to see new information currently flowing over the network.

Note that we're just getting the new standard this week. Actual devices that implement the standard are still months away.

24 Apr 14:49

Comments on social networks also reinforce socialization during adolescence

Without overlooking the risks of using social networks in adolescence, a study analyzes little known information about cybergossiping among high school students.

16 Dec 22:18

Are you still using an RSS reader?

by Adi Robertson

It’s been close to five years since Google decided to shut down Reader, the ubiquitous and beloved RSS news client. At one point, I used to do almost all my internet reading through RSS. I kept my feeds meticulously clean, poring over personal blog entries and tabbing quickly down the news, opening stories that piqued my interest. The loss of my favorite platform felt like a personal betrayal.

After Reader died, I switched to Feedly, which I’m still using today. But my relationship with it is very different. If Reader was a neat lawn, my Feedly is now an overgrown lot. I’ve got nearly 30,000 unread articles across 186 feeds, including several for websites that no longer exist — I leave some of them on the list because I’m lazy, and some...


08 Aug 09:55

Video: BBC presenter is not in the mood for dogs on a surfboard

In summer, news programmes often have to hunt for topics to fill the broadcast, and the BBC is no exception. Presenter Simon McCoy has been in the business for years and has had about enough of the silly season that comes around every summer.

Visibly irritated, he introduces a report about surfing dogs. "Bear in mind, it is August. This is no easy one," he sighs. "Dog owners and their animals in California took the plunge during the second annual world dog surfing championship. Here are the pictures."

The item starts and, with another sigh, he reads out his script. At the end of the report the picture freezes, at which he says sarcastically: "That's a shame, we've run out of pictures."

19 Jul 09:46

Propaganda bots dominate social networks in some countries

by Engadget

It won’t shock you to hear that governments and shady political groups will use social network bots in a bid to control the flow of information. But just how prevalent are they? Depending on where you live, they might just dictate the social media landscape. Oxford University researchers have published a study showing that “computational propaganda” (bots and other coordinated campaigns) is practically par for the course in some countries. In Russia, for instance, 45 percent of Twitter activity stems from “highly automated” accounts. And Ukraine is a “frontline” for just about everyone — Russia, Ukrainian nationalists and civil society groups are all using digital propaganda systems in a bid to sway public opinion.

They’re influential elsewhere, too, and not just in authoritarian countries or from the authoritarians themselves. China is fond of using a mix of bots and human-guided social attacks on Taiwan’s President, but it also faces “several” large anti-government Twitter bot networks. Meanwhile, bots and other propaganda systems have attacked political figures and rallied protests in Brazil ever since the 2014 presidential election and the ensuing scandals. In Poland, a handful of right-wing accounts represent 20 percent of all political discussion in the country. All told, the researchers found 29 countries using social networks to skew opinions at home and abroad.

And the US certainly isn’t immune. Twitter bots achieved “highly influential network positions” during the 2016 presidential election, particularly among the pro-Trump camp (where a key botnet was three times larger than that for Clinton).

This isn’t to say that bots are always bad, or that democracies are defenseless against influence campaigns. Canada’s political parties use bots, for instance, but they’re also used to improve public knowledge. And Germany is a “leader” in fighting online disinformation campaigns between regulation and an abundance of watchdog groups. The tricky part is keeping a lid on digital propaganda without pushing the social networks too far. Companies like Twitter will tackle bots, but they tend to push back when asked to decide what’s true or false. It may be some time before we see numerous democracies finding a way to curb propaganda mechanisms without undermining their own free speech values.

Via: Bloomberg

Source: Oxford University (PDF)


06 Jul 13:28

'EU wants to impose record fine on Google over abuse of power with Android'

by Arnoud Wokke

The European Commission wants to impose a record fine on Google for abuse of power with its mobile operating system Android. The EU recently fined Google 2.4 billion euros for giving Google Shopping priority in search results.

03 Jul 08:24

NATO could be forced to respond to the Petya attack, says new report

by Kwame Opam

In the wake of last week’s massive Petya ransomware attack in Eastern Europe, researchers are reaching consensus that the incident was a politically-motivated cyberattack. According to CNBC, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) recently put out a statement claiming that the attack was likely done by a state actor or a group with state approval. The development means that the cyberattack could be viewed as an act of war, triggering Article 5 of the Washington Treaty and compelling NATO allies to respond.

"As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty,” wrote Tomáš Minárik, a researcher at the CCD COE law...


07 Jun 19:12

Mysterious Group Lands Denuvo Anti-Piracy Body Blow

by Andy

While there’s always excitement in piracy land over the release of a new movie or TV show, video gaming fans really know how to party when a previously uncracked game appears online.

When that game was protected by the infamous Denuvo anti-piracy system, champagne corks explode.

There’s been a lot of activity in this area during recent months but more recently there’s been a noticeable crescendo. As more groups have become involved in trying to defeat the system, Denuvo has looked increasingly vulnerable. Over the past 24 hours, it’s looked in serious danger.

The latest drama surrounds DISHONORED.2-STEAMPUNKS, which is a pirate release of the previously uncracked action adventure game Dishonored 2. The game uses Denuvo protection and at the rate titles have been falling to pirates lately, its appearance wasn’t a surprise. However, the manner in which the release landed online has sent shockwaves through the scene.

The cracking scene is relatively open these days, in that people tend to have a rough idea of who the major players are. Their real-life identities are less obvious, of course, but names like CPY, Voksi, and Baldman regularly appear in discussions.

The same cannot be said about SteamPunks. With their topsite presence, they appear to be a proper ‘Scene’ group but up until yesterday, they were an unknown entity.

It’s fair to say that this dramatic appearance from nowhere raised quite a few eyebrows among the more suspicious crack aficionados. That being said, SteamPunks absolutely delivered – and then some.

Rather than simply pre-crack (remove the protection) from Dishonored 2 and then deliver it to the public, the SteamPunks release appears to contain code which enables the user to generate Denuvo licenses on a machine-by-machine basis.

If that hasn’t sunk in, the theory is that the ‘key generator’ might be able to do the same with all Denuvo-protected releases in future, blowing the system out of the water.

While that enormous feat remains to be seen, there is an unusual amount of excitement surrounding this release and the emergence of the previously unknown SteamPunks. In the words of one Reddit user, the group has delivered the cracking equivalent of The Holy Hand Grenade of Antioch, yet no one appears to have had any knowledge of them before yesterday.

Only adding to the mystery is the lack of knowledge relating to how their tool works. Perhaps ironically, perhaps importantly, SteamPunks have chosen to protect their code with VMProtect, the software system that Denuvo itself previously deployed to stop people reverse-engineering its own code.

This raises two issues. One, people could have difficulty finding out how the license generator works and two, it could potentially contain something nefarious besides the means to play Dishonored 2 for free.

With the latter in mind, a number of people in the cracking community have been testing the release but thus far, no one has found anything untoward. That doesn’t guarantee that it’s entirely clean but it does help to calm nerves. Indeed, cracking something as difficult as Denuvo in order to put out some malware seems a lot of effort when the same could be achieved much more easily.

“There is no need to break into Fort Knox to give out flyers for your pyramid scheme,” one user’s great analogy reads.

That being said, people with experience are still urging caution, which should be the case for anyone running a cracked game, no matter who released it.

Finally, another twist in the Denuvo saga arrived yesterday courtesy of VMProtect. As widely reported, someone from the company previously indicated that Denuvo had been using its VMProtect system without securing an appropriate license.

The source said that legal action was on the horizon but an announcement from VMProtect yesterday suggests that the companies are now seeing eye to eye.

“We were informed that there are open questions and some uncertainty about the use of our software by DENUVO GmbH,” VMProtect said.

“Referring to this circumstance we want to clarify that DENUVO GmbH had the right to use our software in the past and has the right to use it currently as well as in the future. In summary, no open issues exist between DENUVO GmbH and VMProtect Software for which reason you may ignore any other divergent information.”

While the above tends to imply there’s never been an issue, a little more information from VMProtect dev Ivan Permyakov may indicate that an old dispute has since been settled.

“Information about our relationship with Denuvo Software has long been outdated and irrelevant,” he said.

Source: TF

04 Jun 21:04

No, Netflix Hasn’t Won The War on Piracy

by Ernesto

Recently a hacker group, or hacker, going by the name TheDarkOverlord (TDO) published the premiere episode of the fifth season of Netflix’s Orange is The New Black, followed by nine more episodes a few hours later.

TDO obtained the videos from Larson Studios, which didn’t pay the 50 bitcoin ransom TDO had requested. The hackers then briefly turned their attention to Netflix, before releasing the shows online.

In the aftermath, a flurry of articles claimed that Netflix’s refusal to pay means that it is winning the war on piracy. Torrents are irrelevant or no longer a real threat and piracy is pointless, they concluded.

One of the main reasons cited is a decline in torrent traffic over the years, as reported by the network equipment company Sandvine.

“Last year, BitTorrent traffic reached 1.73 percent of peak period downstream traffic in North America. That’s down from the 60 percent share peer-to-peer file sharing had in 2003. Netflix was responsible for 35.15 percent of downstream traffic,” one reporter wrote.

Piracy pointless?

Even Wired, a reputable technology news site, jumped on the bandwagon.

“It’s not that torrenting is so onerous. But compared to legitimate streaming, the process of downloading a torrenting client, finding a legit file, waiting for it to download, and watching it on a laptop (or mirroring it to a television) hardly seems worth it,” the article states.

These and many similar articles suggest that Netflix’s ease of use is superior to piracy. Netflix is winning the war on piracy, which is pretty much reduced to a fringe activity carried out by old school data hoarders, they claimed.

But is that really the case?

I wholeheartedly agree that Netflix is a great alternative to piracy, and admit that torrents are not as dominant as they were before. But everybody who thinks that piracy is limited to torrents needs to educate themselves properly.

Piracy has evolved quite a bit over the past several years and streaming is now the main source to satisfy people’s ‘illegal’ viewing demands.

Whether it’s through pirate streaming sites, mobile apps or dedicated media players hooked to TVs, it’s not hard to argue that piracy is easier and more convenient than it has ever been in the past. And arguably, more popular too.

The statistics are dazzling. According to piracy monitoring outfit MUSO there are half a billion visits to video pirate sites every day. Roughly 60% of these are to streaming sites.

While there has been a small decline in streaming visits over the past year, MUSO’s data doesn’t cover the explosion of media player piracy, which means that there is likely a significant increase in piracy overall.

TorrentFreak contacted the aforementioned network equipment company Sandvine, which said that we’re “on to something.”

Unfortunately, they currently have no data to quantify the amount of pirate streaming activity. This is, in part, because many of these streams are hosted by legitimate companies such as Google.

Torrents may not be dominant anymore, but with hundreds of millions of visits to streaming pirate sites per day, and many more via media players and other apps, piracy is still very much alive. Just ask the Motion Picture Association.

I would even argue that piracy is more of a threat to Netflix than it has ever been before.

To illustrate, here is a screenshot from one of the most visited streaming piracy sites online. The site in question receives millions of views per day and featured two Netflix shows, “13 Reasons Why” and the leaked “Orange is The New Black,” in its daily “most viewed” section recently.

Netflix shows among the “most viewed” pirate streams

If you look at a random streaming site, you’ll see that they offer an overview of thousands of popular movies and TV-shows, far more than Netflix. Pirate streaming sites have more content than Netflix, often in high quality, and it doesn’t cost a penny.

Throw in the explosive growth of piracy-capable media players that can bring this content directly to the TV-screen, and you’ll start to realize the magnitude of this threat.

In a way, the boost in streaming piracy is a bigger threat to Netflix than the traditional Hollywood studios. Hollywood still has its exclusive release windows and a superior viewing experience at the box office. All Netflix content is instantly pirated, or already available long before they add it to their catalog.

Sure, pirate sites might not appeal to the average middle-class news columnist who’s been subscribed to Netflix for years, but for tens of millions of less fortunate people, who can do without another monthly charge on their household bill, it’s an easy choice.

Not the right choice, legally speaking, but that doesn’t seem to bother them much.

That’s illustrated by tens of thousands of people from all over the world commenting with their public Facebook accounts, on movies and TV-shows that were obviously pirated.

Pirate comments on a streaming site

Of course, if piracy disappeared overnight then only a fraction of these pirates would pay for a Netflix subscription, but saying that piracy is irrelevant for the streaming giant may be a bit much.

Netflix itself is all too aware of this, it seems. The company has launched its own “Global Copyright Protection Group,” an anti-piracy division that’s on par with those of many major Hollywood studios.

Netflix isn’t winning the war on piracy; it just got started….


02 Jun 12:59

WannaCry and Vulnerabilities

by Bruce Schneier

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers until they pay a fee. Then there are the users who didn't install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place. One could certainly condemn the Shadow Brokers, a group of hackers with links to Russia who stole and published the National Security Agency attack tools that included the exploit code used in the ransomware. But before all of this, there was the NSA, which found the vulnerability years ago and decided to exploit it rather than disclose it.

All software contains bugs or errors in the code. Some of these bugs have security implications, granting an attacker unauthorized access to or control of a computer. These vulnerabilities are rampant in the software we all use. A piece of software as large and complex as Microsoft Windows will contain hundreds of them, maybe more. These vulnerabilities have obvious criminal uses that can be neutralized if patched. Modern software is patched all the time -- either on a fixed schedule, such as once a month with Microsoft, or whenever required, as with the Chrome browser.

When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice. As former US Assistant Attorney General Jack Goldsmith has said, "Every offensive weapon is a (potential) chink in our defense -- and vice versa."

This is all well-trod ground, and in 2010 the US government put in place an interagency Vulnerabilities Equities Process (VEP) to help balance the trade-off. The details are largely secret, but a 2014 blog post by then President Barack Obama's cybersecurity coordinator, Michael Daniel, laid out the criteria that the government uses to decide when to keep a software flaw undisclosed. The post's contents were unsurprising, listing questions such as "How much is the vulnerable system used in the core Internet infrastructure, in other critical infrastructure systems, in the US economy, and/or in national security systems?" and "Does the vulnerability, if left unpatched, impose significant risk?" They were balanced by questions like "How badly do we need the intelligence we think we can get from exploiting the vulnerability?" Elsewhere, Daniel has noted that the US government discloses to vendors the "overwhelming majority" of the vulnerabilities that it discovers -- 91 percent, according to NSA Director Michael S. Rogers.

The particular vulnerability in WannaCry is code-named EternalBlue, and it was discovered by the US government -- most likely the NSA -- sometime before 2014. The Washington Post reported both how useful the bug was for attack and how much the NSA worried about it being used by others. It was a reasonable concern: many of our national security and critical infrastructure systems contain the vulnerable software, which imposed significant risk if left unpatched. And yet it was left unpatched.

There's a lot we don't know about the VEP. The Washington Post says that the NSA used EternalBlue "for more than five years," which implies that it was discovered after the 2010 process was put in place. It's not clear if all vulnerabilities are given such consideration, or if bugs are periodically reviewed to determine if they should be disclosed. That said, any VEP that allows something as dangerous as EternalBlue -- or the Cisco vulnerabilities that the Shadow Brokers leaked last August -- to remain unpatched for years isn't serving national security very well. As a former NSA employee said, the quality of intelligence that could be gathered was "unreal." But so was the potential damage. The NSA must avoid hoarding vulnerabilities.

Perhaps the NSA thought that no one else would discover EternalBlue. That's another one of Daniel's criteria: "How likely is it that someone else will discover the vulnerability?" This is often referred to as NOBUS, short for "nobody but us." Can the NSA discover vulnerabilities that no one else will? Or are vulnerabilities discovered by one intelligence agency likely to be discovered by another, or by cybercriminals?

In the past few months, the tech community has acquired some data about this question. In one study, two colleagues from Harvard and I examined over 4,300 disclosed vulnerabilities in common software and concluded that 15 to 20 percent of them are rediscovered within a year. Separately, researchers at the Rand Corporation looked at a different and much smaller data set and concluded that fewer than six percent of vulnerabilities are rediscovered within a year. The questions the two papers ask are slightly different and the results are not directly comparable (we'll both be discussing these results in more detail at the Black Hat Conference in July), but clearly, more research is needed.

People inside the NSA are quick to discount these studies, saying that the data don't reflect their reality. They claim that there are entire classes of vulnerabilities the NSA uses that are not known in the research world, making rediscovery less likely. This may be true, but the evidence we have from the Shadow Brokers is that the vulnerabilities that the NSA keeps secret aren't consistently different from those that researchers discover. And given the alarming ease with which both the NSA and CIA are having their attack tools stolen, rediscovery isn't limited to independent security research.

But even if it is difficult to make definitive statements about vulnerability rediscovery, it is clear that vulnerabilities are plentiful. Any vulnerabilities that are discovered and used for offense should only remain secret for as short a time as possible. I have proposed six months, with the right to appeal for another six months in exceptional circumstances. The United States should satisfy its offensive requirements through a steady stream of newly discovered vulnerabilities that, when fixed, also improve the country's defense.

The VEP needs to be reformed and strengthened as well. A report from last year by Ari Schwartz and Rob Knake, who both previously worked on cybersecurity policy at the White House National Security Council, makes some good suggestions on how to further formalize the process, increase its transparency and oversight, and ensure periodic review of the vulnerabilities that are kept secret and used for offense. This is the least we can do. A bill recently introduced in both the Senate and the House calls for this and more.

In the case of EternalBlue, the VEP did have some positive effects. When the NSA realized that the Shadow Brokers had stolen the tool, it alerted Microsoft, which released a patch in March. This prevented a true disaster when the Shadow Brokers exposed the vulnerability on the Internet. It was only unpatched systems that were susceptible to WannaCry a month later, including versions of Windows so old that Microsoft normally didn't support them. Although the NSA must take its share of the responsibility, no matter how good the VEP is, or how many vulnerabilities the NSA reports and the vendors fix, security won't improve unless users download and install patches, and organizations take responsibility for keeping their software and systems up to date. That is one of the important lessons to be learned from WannaCry.

This essay originally appeared in Foreign Affairs.